Overview
overview
7Static
static
3Saturn.zip
windows10-2004-x64
1wwwroot/_c...pp.css
windows10-2004-x64
7wwwroot/_c...in.css
windows10-2004-x64
7wwwroot/_c...ss.map
windows10-2004-x64
3wwwroot/_c...ICENSE
windows10-2004-x64
1wwwroot/_c...ICENSE
windows10-2004-x64
1wwwroot/_c...DME.md
windows10-2004-x64
3wwwroot/_c...in.css
windows10-2004-x64
7wwwroot/_c...ic.eot
windows10-2004-x64
3wwwroot/_c...ic.otf
windows10-2004-x64
7wwwroot/_c...ic.xml
windows10-2004-x64
1wwwroot/_c...ic.ttf
windows10-2004-x64
7wwwroot/_c...c.woff
windows10-2004-x64
3wwwroot/_c...pp.css
windows10-2004-x64
7wwwroot/_c...se.css
windows10-2004-x64
7wwwroot/_c...er.css
windows10-2004-x64
7wwwroot/_c...be.css
windows10-2004-x64
7wwwroot/_c...ns.css
windows10-2004-x64
7wwwroot/_c...et.css
windows10-2004-x64
7wwwroot/_c...on.ico
windows10-2004-x64
3wwwroot/_c...ar.ttf
windows10-2004-x64
7wwwroot/_c...n0.png
windows10-2004-x64
3wwwroot/_c...n1.png
windows10-2004-x64
3wwwroot/_c...n2.png
windows10-2004-x64
3wwwroot/_c...n3.png
windows10-2004-x64
3wwwroot/_c...ims.js
windows10-2004-x64
1wwwroot/index.html
windows10-2004-x64
1wwwroot/js/anims.js
windows10-2004-x64
1wwwroot/js...ger.js
windows10-2004-x64
1wwwroot/js...ger.js
windows10-2004-x64
1wwwroot/js/utils.js
windows10-2004-x64
1wwwroot/li...min.js
windows10-2004-x64
1Analysis
-
max time kernel
1201s -
max time network
1169s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system -
submitted
25-02-2024 14:32
Static task
static1
Behavioral task
behavioral1
Sample
Saturn.zip
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
wwwroot/_content/Saturn.Backend/css/app.css
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
wwwroot/_content/Saturn.Backend/css/bootstrap/bootstrap.min.css
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
wwwroot/_content/Saturn.Backend/css/bootstrap/bootstrap.min.css.map
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/FONT-LICENSE
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/ICON-LICENSE
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/README.md
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/font/css/open-iconic-bootstrap.min.css
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/font/fonts/open-iconic.eot
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/font/fonts/open-iconic.otf
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/font/fonts/open-iconic.xml
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/font/fonts/open-iconic.ttf
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/font/fonts/open-iconic.woff
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
wwwroot/_content/Saturn.Backend/css/swapper/app.css
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
wwwroot/_content/Saturn.Backend/css/swapper/base.css
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
wwwroot/_content/Saturn.Backend/css/swapper/installer.css
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
wwwroot/_content/Saturn.Backend/css/swapper/oobe.css
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
wwwroot/_content/Saturn.Backend/css/swapper/plugins.css
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
wwwroot/_content/Saturn.Backend/css/swapper/reset.css
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
wwwroot/_content/Saturn.Backend/favicon.ico
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
wwwroot/_content/Saturn.Backend/fonts/Nunito-Regular.ttf
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
wwwroot/_content/Saturn.Backend/img/Anims/Saturn0.png
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
wwwroot/_content/Saturn.Backend/img/Anims/Saturn1.png
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
wwwroot/_content/Saturn.Backend/img/Anims/Saturn2.png
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
wwwroot/_content/Saturn.Backend/img/Anims/Saturn3.png
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
wwwroot/_content/Saturn.Backend/js/anims.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
wwwroot/index.html
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
wwwroot/js/anims.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
wwwroot/js/modalManager.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
wwwroot/js/tabManager.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
wwwroot/js/utils.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
wwwroot/lib/anime.min.js
Resource
win10v2004-20240221-en
windows10-2004-x64
General
-
Target
wwwroot/index.html
-
Size
1KB
-
MD5
a7384be70a95c63fab9cc5a291b83536
-
SHA1
0e7c3ed2f611d27a7301191c29cfb5c8fe49f9fa
-
SHA256
aaa042450472c6945839e5b68842912db53e8d5541a95f723e34c5730d88deca
-
SHA512
4687d9cc3ffb5da611c0e2a91baa236a2487d087f401fa07830bb53528ff6fb398efb282c55b2742e5d4e50e7409a7425c2a8d0f62fbe20cb0408524b3eea78a
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133533759481147882" chrome.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3744 chrome.exe 3744 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 3176 chrome.exe 3176 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe Token: SeShutdownPrivilege 3176 chrome.exe Token: SeCreatePagefilePrivilege 3176 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe 3176 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3176 wrote to memory of 2612 3176 chrome.exe 88 PID 3176 wrote to memory of 2612 3176 chrome.exe 88 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 4684 3176 chrome.exe 90 PID 3176 wrote to memory of 1624 3176 chrome.exe 91 PID 3176 wrote to memory of 1624 3176 chrome.exe 91 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92 PID 3176 wrote to memory of 3672 3176 chrome.exe 92
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\wwwroot\index.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3176 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd9c19758,0x7ffbd9c19768,0x7ffbd9c197782⤵PID:2612
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1980,i,9512399055525457847,11357460774108177342,131072 /prefetch:22⤵PID:4684
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1980,i,9512399055525457847,11357460774108177342,131072 /prefetch:82⤵PID:1624
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 --field-trial-handle=1980,i,9512399055525457847,11357460774108177342,131072 /prefetch:82⤵PID:3672
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1980,i,9512399055525457847,11357460774108177342,131072 /prefetch:12⤵PID:4416
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1980,i,9512399055525457847,11357460774108177342,131072 /prefetch:12⤵PID:3676
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1980,i,9512399055525457847,11357460774108177342,131072 /prefetch:82⤵PID:3340
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3832 --field-trial-handle=1980,i,9512399055525457847,11357460774108177342,131072 /prefetch:82⤵PID:5076
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3832 --field-trial-handle=1980,i,9512399055525457847,11357460774108177342,131072 /prefetch:82⤵PID:2576
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1980,i,9512399055525457847,11357460774108177342,131072 /prefetch:82⤵PID:1252
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3948 --field-trial-handle=1980,i,9512399055525457847,11357460774108177342,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3744
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2496
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5b05a180c3873e3f0448ef2d240a17bff
SHA1073da3cd4c27f7b521dcf11574985179e29e1d1e
SHA256db89b058af7999103db32fab7b133b4924442ef8ad3dee8a80ab29118bf14f58
SHA5122fd1f0ef9e4b9b56e713ff266dd30a629cf6fcfd93750743a70c3bc40b0f739a826fc64c2dd72410131280c8a70966345ac7268a562d8acf721af14d4dc6402d
-
Filesize
1KB
MD52f6b1a736ddd9fba1269838b34f1ac44
SHA112b4f636673b54f17f022fa6d18eb1e0c12ee81f
SHA25611de0503b461fe03b212049c90045297cea55aad268674dc23f4dc7373023493
SHA512b7e4fd466167d696a8390c5093dcc97f3a323dfa5d96f4b83e536a237b2a42c457a29319a38ba4115c45c34a5a5914dd18f98c898f9bde740267e7662d31f035
-
Filesize
1KB
MD527648e7f97e63d677de72d571406d900
SHA1d1505497d217e8a44366b1971649137b3ca3215d
SHA256ad2767474be7c1733d651ad4d5bf4942ad962956d40caff54f152a337d3926d7
SHA512046a789cf3cad98d0040a77c5f1a7f38d653351b7a5042d14769d680498ea0e50272f0a894652d6d1a59cebae5c9728d6dd352d8e2fe12a7f0d828d00110ac70
-
Filesize
1KB
MD537b3acdff3c9d8a3d30d07de14d8c553
SHA1ad39d36c6def353487d4aeb778b5c2218a5303a8
SHA25676b65d9b05af6a3051f8c3884aff5264625cc9e1d1a1fac1707b4519a82d6070
SHA5124062f86398d0e208c10083527ac3acc932c462c48eb6474b1d7f41a10bd9d5c17d4c6e6622cb2fefef228495f0f235da91d59fa3d504c96cd1cdc60dc54e9042
-
Filesize
538B
MD50b6d726375a500ceb68004ac56953cb3
SHA1dd4175f0704687b3ed9a87e8700772f6c2210efe
SHA256aa4d5daf1a8564ac9b75734f5a26902760fbc5ff291da883a6f8245149596b1d
SHA512d60e35954a87bb8ec8fcc5229c75d5855c2da036e8dc95d89b3cffccaae67ee62deb586edf58564f9dece771d13e52b15f171dadc8de7d8e11de6e27ac14f468
-
Filesize
6KB
MD5f8b3d4f1ab993dca1301c1c0dc141a8d
SHA1cff03eb7575bcdd4bff93dc82876003cdc9fc33b
SHA25617f05c9f8c42df1930039f709aeaf9d5082c636262be6bee7cce02173e8617b8
SHA512c89ea4e4cb7ed0d18900f848898c824908395f975d7930be6ac72459f2c62513ff6f07be8b5c00b2955b0f72c7dc85ac790de08566ca9aa633f3d2203facc4bd
-
Filesize
6KB
MD52e98c6ff1cfe6b184488f159772dac9d
SHA1d17a0adfb2f14a84bdbe25fc8963faa7fdda98dd
SHA25654f853b681c712fdccd7230b289c2489f543b57e546241c18c5bb9b0036e3f61
SHA51234f8df5ddcd24a170b93177cc649d3ab376589c41e2b0bdef4fabd52fdba323bdfb2c07ff27a9ec6b12fd8599b541182ed04e471e4f819d0a29b180430dd8585
-
Filesize
174KB
MD53f1862855430135cc9b98437d25e881c
SHA1011dad851c267867733652b638c744e7f4084dca
SHA25621f85c8e1f75808dd3811a61c140c961303e6b46ee3e0d4096316080074e0c9f
SHA5123336a09b2515a940cca3a2ca21c40843ca02421eedc1b77e39e7b3c4ae468bf874ea7f06bdccddd16de6cd920db01584449f4b021315082eba74cdcf59ffdd71
-
Filesize
132KB
MD5efd347f5eefb05c27bb5cc7e9e617f02
SHA189a194da3c42222fd43c7269bba1d90979f113a0
SHA256dde548cca1a435aa2d1871fa3b4f43a0d95d1bb3bbb23b2ebda8e9ff581870a6
SHA51263d3af3cca8e8d61dca4c7db48d529fe5b3b80acfd6eac703a74439d12a76d8a54f0d21db915851e6f328208d5e4010b0ccdbaa47f80cdbc6282265548a635a0
-
Filesize
131KB
MD5cb0ab53b20b845c4bb3ed92ea3a463fa
SHA1d9564f6180800da4b26c929073f38bd970b4fb22
SHA25694460d7a79ad0d773a2b37198eb697de2ba5598772648d9771560ff49e227039
SHA5128782b36a25ceb56dadd1be68768355b99fff065d27e0da1a8b918ce57ac690b2594ce474a858578e40e047c97551a87985b39fe6b72aabeac1d900af1fd12030
-
Filesize
131KB
MD56e063777bd7aa764919d4e11223b9147
SHA167646df25c4868ecf55eb8ed58adcaa6977b277d
SHA256b9b6b33993f5b31c648316c6568c01b36e36b1771842e79a16f27175fa31e26a
SHA512a1eecbf00949f46b6ac373fc064a268daa4671d7e2a943e3410cc196bf65bfd83927a0de5a48a94b2decf089a7020b16db2518361d32898e00026c9aceb639a7
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd